Introduction
It is always very difficult to find pentesting tools from different websites and then install them one by one on your Linux machine. Imagine you get a tool that will help you install all hacking tool to convert your raw Linux machine into hacking Console. Earlier we showed on how we can turn android device into pentesting or hacking device.
Now using Lazymux we can install all the hacking tools on Linux machine by simply choosing the module option, by module we means Penetration testing phases. According to researcher of International Institute of Cyber Security, this tool makes it easy for any hacker/penetration tester to install tools for particular module and moreover there is no need to search source particular tool.
Environment
- Os: Kali Linux 2020 64 bits
- Kernel-Version: 5.6.0
Installation Steps
- Use this command to clone the project.
- git clone https://github.com/Sanix-Darker/Lazymux
root@kali:/home/iicybersecurity# git clone https://github.com/Sanix-Darker/Lazymux Cloning into 'Lazymux'... remote: Enumerating objects: 125, done. remote: Total 125 (delta 0), reused 0 (delta 0), pack-reused 125 Receiving objects: 100% (125/125), 116.23 KiB | 250.00 KiB/s, done. Resolving deltas: 100% (54/54), done.
- Use the cd command to enter into Lazymux directory.
root@kali:/home/iicybersecurity# cd Lazymux/ root@kali:/home/iicybersecurity/Lazymux#
- Now, use this command to provide the file permissions, update python3 and launch the tool
- chmod +x lazymux.py && apt install python3 && python3 lazymux.py.
root@kali:/home/iicybersecurity/Lazymux# chmod +x lazymux.py && apt install python2 && python2 lazymux.py Reading package lists... Done Building dependency tree Reading state information... Done python2 is already the newest version (2.7.17-2). python2 set to manually installed. The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. 287 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y =====================================================================================================SNIP================================================================================================================================= Setting up kali-linux-default (2020.3.9) ... Processing triggers for libc-bin (2.30-8) ... Processing triggers for systemd (245.6-1) ... Processing triggers for cracklib-runtime (2.9.6-3.2+b1) ... skipping line: 1 Setting up kali-linux-large (2020.3.9) ... Setting up mariadb-server-10.3 (1:10.3.23-1) ... Installing new version of config file /etc/apparmor.d/usr.sbin.mysqld ... mariadb.service is a disabled or a static unit, not starting it. Setting up zsh (5.8-5) ... Processing triggers for initramfs-tools (0.137) ... update-initramfs: Generating /boot/initrd.img-5.6.0-kali2-amd64
- Successfully launched the tool.
- In the above screenshot, we see all the module/phases which are related to hacking in real time.
- Here, it’s divided into two different way, in 01 – 08 option we can install specific tool for specific module and in 09 – 16 options, we can install all the tools of specific module in one go.
- Now we will list tools covered in each module.
Information Gathering
Information Gathering: Information Gathering, is collecting unique information about the target. We use this, in the first stage of penetration testing.
- Now, choose 01 to install required tool or choose, 09 to install all the information gathering tools in one go.
- 01
lzmx > 01[01] Nmap
[02] Red Hawk
[03] D-Tect
[04] sqlmap
[05] Infoga
[06] ReconDog
[07] AndroZenmap
[08] sqlmate
[09] AstraNmap
[10] WTF
[11] Easymap
[12] BlackBox
[13] XD3v
[14] Crips
[15] SIR
[16] EvilURL
[17] Striker
[18] Xshell
[19] OWScan
[20] OSIF
[21] Devploit
[22] Namechk
[23] AUXILE
[24] inther
[25] GINF
[00] Back to main menu
- Here, we have 25 different tools.
- Choose the required option to install.
- Now, choose option 09 to install all the tools.
lzmx > 09 Installing Nmap Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease Get:3 http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease [23.8 kB] Err:3 http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 Hit:4 http://deb.i2p2.no unstable InRelease Hit:2 http://ftp.harukasan.org/kali kali-rolling InRelease Reading package lists… Done W: GPG error: http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 E: The repository 'http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Reading package lists… Done Building dependency tree Reading state information… Done ==================================================================================================SNIP============================================================================================= Reading package lists… Done Building dependency tree Reading state information… Done git is already the newest version (1:2.27.0-1). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. fatal: destination path 'sqlmap' already exists and is not an empty directory. mv: cannot move 'sqlmap' to '/root/sqlmap': Directory not empty Done [99] Back to main menu [00] Exit the Lazymux
- Successfully installed all 25 information gathering tools.
Vulnerability Scanner
Vulnerability scanner: Vulnerability scanner is used for penetration testing. To find out the vulnerabilities on particular domain.
- Now, choose option 02 to install a specific tool or choose option 10 to install all Vulnerability scanner tool
- 02
lzmx > 02[01] Nmap
[02] AndroZenmap
[03] AstraNmap
[04] Easymap
[05] Red Hawk
[06] D-Tect
[07] Damn Small SQLi Scanner
[08] SQLiv
[09] sqlmap
[10] sqlscan
[11] WordPresscan
[12] WPScan
[13] sqlmate
[14] wordpresscan
[15] WTF
[16] Rang3r
[17] Striker
[18] Routersploit
[19] Xshell
[20] SH33LL
[21] BlackBox
[22] XAttacker
[23] OWScan
[00] Back to main menu
- Here, we have 23 tools.
- Now, choose option 10 to install all the tools.
lzmx > 10 Installing all Vulnerability_Scanner Modules on LazyMux Installing Nmap Reading package lists… Done Building dependency tree Reading state information… Done nmap is already the newest version (7.80+dfsg1-5kali1). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. =============================================================================================SNIP================================================================================================== Get:3 http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease [23.8 kB] Err:3 http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 Hit:2 http://ftp.harukasan.org/kali kali-rolling InRelease Hit:4 http://deb.i2p2.no unstable InRelease Reading package lists… Done W: GPG error: http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 E: The repository 'http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Processing… Done [99] Back to main menu [00] Exit the Lazymux
- Successfully installed all the 23 Vulnerability scanner tools, researcher of International Institute of Cyber Security comments, that some tools are good for pentesters to start.
Stress Testing
Stress Testing: Stress testing is used to verify the system’s stability and reliability. This testing is done to verify that system could not crash when it reach high load.
- Now, choose option 03 to install required tool or choose option 11 to install all the tools at a time
lzmx > 03[01] Torshammer
[02] Slowloris
[03] Fl00d & Fl00d2
[04] GoldenEye
[05] Xerxes
[06] Planetwork-DDOS
[07] Hydra
[08] Black Hydra
[09] Xshell
[10] santet-online
[11] DDosy
[00] Back to main menu
- Here, we have 11 different tool
- Now, choose option 11
lzmx > 11 Installing all Stress_Testing Modules on LazyMux … Installing Torshammer Reading package lists… Done Building dependency tree Reading state information… Done python2 is already the newest version (2.7.17-2). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. Reading package lists… Done Building dependency tree Reading state information… Done ================================================================================================SNIP=============================================================================================== Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease Get:3 http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease [23.8 kB] Err:3 http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 Hit:2 http://ftp.harukasan.org/kali kali-rolling InRelease Hit:4 http://deb.i2p2.no unstable InRelease Reading package lists… Done W: GPG error: http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 E: The repository 'http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Processing… Done [99] Back to main menu [00] Exit the Lazymux
- Succsefully we have installed 11 Stress testing tools.
Password Attack
Password Attack: We use a password attack to capture the victim’s credentials by using some tools. Using these credentials hackers can steal the confidential data from the victim’s account.
- Now, choose option 04 to install the required tool or choose 12 to install all the tools at a time.
lzmx > 04[01] Hydra
[02] Facebook Brute Force
[03] Facebook Brute Force 2
[04] Facebook Brute Force 3
[05] Black Hydra
[06] Hash Buster
[07] 1337Hash
[08] Cupp
[09] InstaHack
[10] Indonesian Wordlist
[11] Xshell
[12] Social-Engineering
[13] BlackBox
[14] Hashzer
[15] Hasher
[16] Hash-Generator
[17] nk26
[18] Hasherdotid
[19] SocialBox
[00] Back to main menu
- Here, we have 19 different tools.
- Choose option 13
lzmx > 12 Installing all Password_Attacks Modules on LazyMux Installing Hydra Reading package lists… Done Building dependency tree Reading state information… Done hydra is already the newest version (9.0-1). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease ================================================================================================SNIP=============================================================================================== Reading package lists… Done W: GPG error: http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 E: The repository 'http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Processing… Done [99] Back to main menu [00] Exit the Lazymux
- Successfully installed all 19 password attack tools.
Web Hacking
Web Hacking: Web hacking is exploiting the websites by collecting information, scanning the websites with different tools and finding out the vulnerabilities, then exploiting the website and stealing the visitor’s information, spreading viruses, etc.
- Now, choose option 05 to install the required tool or choose 13 to install all the tools at a time.
lzmx > 05[01] sqlmap
[02] Webdav
[03] xGans
[04] Webdav Mass Exploit
[05] WPSploit
[06] sqldump
[07] Websploit
[08] sqlmate
[09] sqlokmed
[10] zones
[11] Xshell
[12] SH33LL
[13] XAttacker
[14] XSStrike
[15] Breacher
[16] OWScan
[17] ko-dork
[18] ApSca
[19] amox
[20] FaDe
[21] AUXILE
[22] HPB
[23] inther
[00] Back to main menu
- Here, we have 23 different tools
- Choose option 13
lzmx > 13 Installing all Web_Hacking Modules on LazyMux Installing sqlmap Reading package lists… Done Building dependency tree Reading state information… Done python2 is already the newest version (2.7.17-2). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. Reading package lists… Done ==================================================================================================SNIP============================================================================================= Hit:2 http://ftp.harukasan.org/kali kali-rolling InRelease Hit:4 http://deb.i2p2.no unstable InRelease Reading package lists… Done W: GPG error: http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 E: The repository 'http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Processing… Done [99] Back to main menu [00] Exit the Lazymux
- Successfully installed all 23 web hacking tools.
Exploitation
Exploitation: We use this module to find out the vulnerabilities in a computer or a network. Using these vulnerabilities hackers can exploit any machine and take control of the whole system or network.
Now, choose option 06 to install the required tool Or choose 14 to install all the tools at a time.
lzmx > 06[01] Metasploit
[02] commix
[03] sqlmap
[04] Brutal
[05] A-Rat
[06] WPSploit
[07] Websploit
[08] Routersploit
[09] BlackBox
[10] XAttacker
[11] TXTool
[12] MSF-Pg
[13] Binary Exploitation
[00] Back to main menu
- Here, we have 13 different tools.
- Choose option 14
lzmx > 14 Installing all Exploitation_Tools Modules on LazyMux Installing Metasploit Reading package lists… Done Building dependency tree Reading state information… Done wget is already the newest version (1.20.3-1+b2). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. ===============================================================================================SNIP================================================================================================ W: GPG error: http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 E: The repository 'http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Processing… Done [99] Back to main menu [00] Exit the Lazymux
- Successfully we installed all 13 exploitation tools
Sniffing & Spoofing
Sniffing: Sniffing is an attack in which hacker can sniff the user’s credentials from the network. when user has no encryption and logged in to his account.
Spoofing: Spoofing is an attack in which third party person can monitor the users activates in between the users and server.
- Now, choose option 06 to install the required tool Or choose 15 to install all the tools at a time.
lzmx > 07[01] KnockMail
[02] Spammer-Grab
[03] Hac
[04] Spammer-Email
[05] SocialFish
[06] santet-online
[07] SpazSMS
[00] Back to main menu
- Here, we have 7 different tools
- Choose option 15
lzmx > 15 Installing all Sniffing_and_Spoofing Modules on LazyMux Installing KnockMail Reading package lists… Done Building dependency tree Reading state information… Done git is already the newest version (1:2.27.0-1). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. ============================================================================================SNIP=================================================================================================== Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/dist-packages (from requests) (3.0.4) Requirement already satisfied: idna<2.9,>=2.5 in /usr/local/lib/python2.7/dist-packages (from requests) (2.8) Cloning into 'SpazSMS'… remote: Enumerating objects: 12, done. remote: Total 12 (delta 0), reused 0 (delta 0), pack-reused 12 Unpacking objects: 100% (12/12), 3.08 MiB | 1.77 MiB/s, done. Reading package lists… Done E: Could not get lock /var/lib/apt/lists/lock. It is held by process 85695 (apt) N: Be aware that removing the lock file is not a solution and may break your system. Processing… Done [99] Back to main menu [00] Exit the Lazymux
- Successfully installed all the sniffing and spoofing tool
Other
In the others module, we have few missing tools, Traffic collector servers and Linux Operating system.
Now, choose option 07 to install the required tool or choose 16 to install all the tools at a time.
lzmx > 08[01] SpiderBot
[02] Ngrok
[03] Sudo
[04] Ubuntu
[05] Fedora
[06] Kali Nethunter
[07] VCRT
[08] E-Code
[09] Termux-Styling
[10] PassGen
[11] xl-py
[12] BeanShell
[13] WebConn
[14] TouchUrl
[15] Textr
[00] Back to main menu
- Here, we have 15 different tools.
- Choose option 16
lzmx > 16 Installing all Other Modules on LazyMux Installing SpiderBot Reading package lists… Done Building dependency tree Reading state information… Done git is already the newest version (1:2.27.0-1). The following packages were automatically installed and are no longer required: libre2-6 php7.3 vlc-l10n vlc-plugin-notify vlc-plugin-samba vlc-plugin-video-splitter vlc-plugin-visualization Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 109 not upgraded. Reading package lists… Done ==================================================================================================SNIP============================================================================================= Hit:3 http://ftp.harukasan.org/kali kali-rolling InRelease Hit:4 http://deb.i2p2.no unstable InRelease Reading package lists… Done W: GPG error: http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9BDB3D89CE49EC21 E: The repository 'http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu groovy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Processing… Done [99] Back to main menu [00] Exit the Lazymux
Conclusion
As we saw complete installation of all module with different tool. This tool is easy for every hacker or penetration tester to convert raw Linux machine in Hacking or Pentesting Console.
Cyber Security Specialist with 18+ years of industry experience . Worked on the projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping world update on the happening in Cyber Security Area.